Privacy Policy

Last updated: April 7, 2026

1. Who We Are

Vooth is a VIP alert platform that monitors connected messaging platforms — including Gmail, Outlook, Slack, Microsoft Teams, SMS, and phone — for messages from contacts you designate as important, and alerts you when they reach out. Vooth is operated by Vooth LLC, a Wyoming limited liability company. Contact us at support@vooth.com.

2. What We Collect

When you create an account, we collect your name, email address, and a bcrypt-hashed password. We do not store your password in plaintext.

When you connect a messaging platform, we collect and store:

• Your platform account email address or identifier
• OAuth access and refresh tokens, encrypted at rest using libsodium secretbox (XSalsa20-Poly1305)
• Message metadata: sender name, sender identifier, subject line, and a short snippet for display in alerts

The level of message access varies by platform:

• Gmail and Outlook: We access email headers and metadata only (sender, recipient, subject, date). We never read or store email body content.
• Slack, Microsoft Teams, and SMS: Message content is read in order to match your keyword filters. Content is not stored beyond the short snippet included in an alert record. Full message bodies are never retained.

For Phone tier subscribers, we also collect:

• Your provisioned Vooth phone number and inbound SMS message snippets
• Call transcripts generated from inbound calls to your Vooth number. Callers are notified by an announcement before any recording or transcription begins.
• Device tokens for push notification delivery

For billing, we collect your subscription plan and payment status. Payment card details are handled entirely by Stripe and are never stored on our servers.

3. OAuth Scopes We Request

We request only the minimum permissions required to monitor your inboxes and identify your VIP contacts. The complete list of permissions requested per platform:

• Gmail:
  • gmail.metadata — read access to email headers and metadata only (sender, subject, date). We do not read, store, or transmit email body content.
  • userinfo.email, userinfo.profile — your Gmail address and display name, used to identify your connected account.
  • contacts.readonly, contacts.other.readonly — read access to your Google Contacts and "Other contacts" (people you've emailed but not explicitly added). Used exclusively to suggest VIP contacts during onboarding and to match incoming senders against your contact list. We do not modify, export, or share your contacts.
• Outlook / Microsoft 365:
  • Mail.Read, Mail.Read.Shared — read access to your inbox and shared mailboxes. We access headers and metadata only; we do not read, store, or transmit full email bodies.
  • User.Read — your Microsoft account display name and email address.
  • People.Read — read access to your Microsoft contacts and people suggestions, used to identify and suggest VIP contacts.
  • offline_access — allows token refresh so Vooth can monitor your inbox without requiring you to re-authenticate.
• Microsoft Teams:
  • Chat.Read — read access to Teams chat messages sent to you.
  • User.Read — your Microsoft account display name and email address.
  • People.Read — read access to your Microsoft contacts, used to identify and suggest VIP contacts.
  • offline_access — allows token refresh without requiring re-authentication.
• Slack:
  • channels:history, groups:history, im:history, mpim:history — read access to messages in public channels, private channels, direct messages, and group DMs you are a member of.
  • channels:read, groups:read, im:read, mpim:read — read channel and conversation metadata (names, membership) to identify where messages are coming from.
  • users:read, users:read.email — read Slack user profiles and email addresses, used to match senders against your VIP contact list.
  • team:read — read your Slack workspace name and identifier.
  • channels:join — allows the Vooth app to join public channels when you configure it to monitor them.
  • chat:write — reserved for future use (direct message delivery confirmation). Not currently used to send messages on your behalf.

We do not request write permissions on any platform for user-facing actions. No messages are sent, modified, or deleted on your behalf.

4. How We Use Your Data

• To match incoming messages against your VIP contact list and generate alerts
• To display sender name, subject, and snippet in the Vooth app and web portal
• To deliver push notifications to your device when a VIP message is detected
• To maintain connection health (OAuth token refresh, webhook subscription renewal)
• To generate and display call transcripts and summaries for Phone tier subscribers

We do not sell your data. We do not use your data for advertising. We do not use your message data to train AI or machine learning models. We do not share your data with third parties except as described in Section 5.

5. Subprocessors

We use the following third-party services to operate Vooth. Each receives only the data necessary to perform their function:

• Amazon Web Services (AWS) — server infrastructure, hosted in the United States
• Stripe — payment processing and subscription management
• Telnyx — SMS delivery and phone number provisioning. Inbound call audio is processed by Telnyx for transcription purposes.
• Deepgram — server-side transcription of voicemail recordings
• Mistral AI — AI summarization of call transcripts. Transcript content is transmitted to Mistral's API for this purpose.
• Apple Push Notification Service / Google Firebase Cloud Messaging — push notification delivery to your device

6. Facebook and Messenger

When you connect a Facebook Business Page, Vooth receives messages sent to that Page via the Messenger Platform. We use this data solely to generate VIP alerts within your Vooth account. We access only the permissions required: reading messages and identifying senders. We do not post, reply, or take any action on your behalf on Facebook. You can disconnect your Facebook Page at any time from the Platforms tab in the Vooth app, at which point your page access token is deleted from our servers.

7. Data Retention

Raw inbox message data (sender name, subject, snippet) is automatically purged after 3 days. This window covers the period in which an alert is actionable — after 3 days, a missed message is no longer time-sensitive and the data is deleted.

VIP alert records (who contacted you, when, and on which platform) are retained indefinitely as a historical ledger of your VIP contact activity. You can acknowledge or delete individual alerts at any time from within the app.

OAuth tokens are deleted when you disconnect a platform. You may request full account deletion at any time by emailing support@vooth.com and we will delete your account and all associated data within 30 days.

8. Security

All OAuth tokens are encrypted at rest using libsodium secretbox (XSalsa20-Poly1305). All data is transmitted over HTTPS/TLS. Passwords are hashed using bcrypt and never stored in plaintext. Our servers are hosted in the United States on Amazon Web Services.

9. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting support@vooth.com. We will respond within 30 days. California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion.

10. Not a HIPAA-Compliant Platform

Vooth is not a HIPAA-compliant platform. Vooth may not be used to receive, store, or transmit Protected Health Information (PHI). See our Terms of Service for details.

11. Children

Vooth is not directed at children under 13 and we do not knowingly collect personal information from children.

12. Changes

We may update this policy. Continued use of Vooth after changes constitutes acceptance. Material changes will be communicated via email.